
Browser Redirection


  • This topic is locked
9 replies to this topic

#1 Maldon

Maldon

  • Members
  • 6 posts
  • OFFLINE
  • Local time:03:15 PM

Posted 28 February 2006 - 08:50 AM

Hi,

I recently had Cool Web Search on my XP SP2 system, but now CWS Shredder tells me I am clear. I have run every spy catcher, ad fixer, etc., that I could find (incl. Norton Internet Security, Adaware, AboutBuster, Spybot, and others) and the HJT log now looks clear... to me. The problem I still see is that when online my browser (whether MSIE or Firefox) frequently gets routed to advertising pages, sometimes to Google. And regardless of what precautions I take, whenever I do a Norton AV scan I seem always to find trojan.byte.verify.

You seem to do a great job for everyone who visits your site; if you can do so for me too then I will be very happy.

Here is the log:

Logfile of HijackThis v1.99.1
Scan saved at 14:45:51, on 28/02/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\WINDOWS\system32\basfipm.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/advanced_search?hl=en
F2 - REG:system.ini: UserInit=userinit.exe
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.google.co.uk/advanced_search?hl=en"); (C:\Documents and Settings\Norman\Application Data\Mozilla\Profiles\default\iraoigvc.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Norman\Application Data\Mozilla\Profiles\default\iraoigvc.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AWMON] "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe"
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKCU\..\Run: [seticlient] C:\Program Files\SETI@home\SETI@home.exe -min
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AWMON] "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_02) -
O16 - DPF: {CAFEEFAC-0014-0001-0003-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_03) -
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by102fd.bay102.hotmail.msn.com/activex/HMAtchmt.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{56B40555-68B3-4851-8075-4EE9E8F90708}: NameServer = 85.255.113.108,85.255.112.131
O17 - HKLM\System\CCS\Services\Tcpip\..\{5ADC861A-F899-434F-86EC-2A4E1A9FA010}: NameServer = 85.255.113.108,85.255.112.131
O17 - HKLM\System\CS1\Services\Tcpip\..\{56B40555-68B3-4851-8075-4EE9E8F90708}: NameServer = 85.255.113.108,85.255.112.131
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Broadcom ASF IP monitoring service v6.0.4 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\system32\basfipm.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
O23 - Service: Maya 6 PLE Documentation Server (mple6docserver) - Unknown owner - C:\Program Files\Alias\Maya 6.0 Personal Learning Edition\docs\wrapper.exe" -s "C:\Program Files\Alias\Maya 6.0 Personal Learning Edition\docs\Wrapper.conf (file missing)
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe


#2 amateur

amateur

    Malware Fighter


  • Malware Response Team
  • 2,775 posts
  • OFFLINE
  • Gender:Female
  • Local time:04:15 PM

Posted 28 February 2006 - 10:08 AM

Hi Maldon, :thumbsup:

Welcome to BC. :flowers: I am checking your log now and will get back to you with instructions as soon as I have them ready.

#3 amateur

amateur

    Malware Fighter


  • Malware Response Team
  • 2,775 posts
  • OFFLINE
  • Gender:Female
  • Local time:04:15 PM

Posted 28 February 2006 - 10:44 AM

Hello again, Maldon.

You have a wareout infection. :thumbsup: Please read the instructions carefully, then print them so that you'll have access to them at all times, especially when you are in Safe Mode. Follow the instructions in the order they are given and please don't miss any. If you have any questions, ask them before you begin with the fix.

Please run Notepad and copy/paste the following text inside the Code box into a new file. It's important that you use Notepad, not WordPad.

attrib -r -h -s C:\WINDOWS\system32\dm???.exe
del C:\Windows\System32\dm???.exe
attrib -r -h -s C:\Windows\System32\hg???.exe
del C:\Windows\System32\hg???.exe
attrib -r -h -s C:\Windows\System32\cs???.exe
del C:\Windows\System32\cs???.exe


Save the file to the desktop as remove.bat and make sure the "Save as Type" field says "All Files". Don't do anything else with it yet. Just save it to the desktop.

====================================================

Let's download the programs we need to use later.

Download and install Ewido Anti-Malware

During the installation, uncheck the following under Additional Options:
Install background guard
Install scan via context menu


Check for updates but do not run it yet.

Download ATF Cleaner by Atribune and save it to your Desktop.

====================================================

Next download FixWareout© by LonnyRJones
or
FixWareout© by LonnyRJones
Save it to your desktop. They are just different locations to download from. Note: Leave your internet connection running; FixWareout may prompt you to download BFU from Merijn.

Click Next, then Install, then make sure "Run fixit" is checked and click Finish.
The fix will begin; follow the prompts.
You will be asked to reboot your computer; please do so.
Your system may take longer than usual to load; this is normal.

When your system reboots, follow the prompts
Afterwards, HijackThis will launch. Please click Scan, and check the following items:

O17 - HKLM\System\CCS\Services\Tcpip\..\{56B40555-68B3-4851-8075-4EE9E8F90708}: NameServer = 85.255.113.108,85.255.112.131
O17 - HKLM\System\CCS\Services\Tcpip\..\{5ADC861A-F899-434F-86EC-2A4E1A9FA010}: NameServer = 85.255.113.108,85.255.112.131

O17 - HKLM\System\CS1\Services\Tcpip\..\{56B40555-68B3-4851-8075-4EE9E8F90708}: NameServer = 85.255.113.108,85.255.112.131


Then click Fix Checked
Close HijackThis, and click OK to proceed.

=====================================================

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.

======================================================

Then please go to the desktop and double-click on remove.bat.


======================================================

Still in Safe Mode, run ATF Cleaner

Double click ATF-Cleaner.exe to run the program.
Check the boxes to the left of:

Windows Temp
Current User Temp
All Users Temp
Temporary Internet Files
Prefetch
Java Cache


The rest are optional - if you want to remove the lot, check "Select All".
Finally click Empty Selected. When you get the "Done Cleaning" message, click OK.

If you use the Firefox or Opera browsers, you can use this program as a quick way to tidy those up as well.

When you have finished, click on the Exit button in the Main menu.

===================================================

Still in Safe Mode run Ewido Anti-Malware.

Click on Scanner
Click on Complete System Scan and the scan will begin.
While the scan is in progress you will be prompted to clean files, click OK
When it asks if you want to clean the first file, put a checkmark in the lower left corner of the box that says 'Perform action with all infections' then choose clean and click OK.
Once the scan has completed, there will be a button located on the bottom of the screen named Save report - click it.
Save the report.txt file to your desktop.

Now close Ewido-Anti-Malware.

Warning: While the scan is in progress, DO NOT open any folders or the Windows Control Panel !!

===================================================

Restart your computer in normal mode

===================================================

Now let's check some settings on your system.
(2000/XP)
In the Windows Control Panel: if you are using Windows XP's Category View, select the Network and Internet Connections category; otherwise double-click on Network Connections. Then right-click on your default connection (usually Local Area Connection for cable and DSL) and left-click on Properties. Click the Networking tab. Double-click on the Internet Protocol (TCP/IP) item and select the radio dial that says Obtain DNS servers automatically.
Press OK twice to get out of the properties screen and reboot if it asks.
That option might not be available on some systems.
Next go to Start > Run, type cmd and hit OK.
Type ipconfig /flushdns
then hit Enter, type exit, hit Enter.
(That space between g and / is needed.)

================================================================

Run Panda's ActiveScan from here and perform a full system scan.
- Once you are on the Panda site click the "Scan your PC" button
- A new window will open...click the big "Check Now" button
- Enter your Country
- Enter your State/Province
- Enter your e-mail address and click send
- Select either Home User or Company
- Click the big Scan Now button
- If it wants to install an ActiveX component allow it
- It will start downloading the files it requires for the scan (Note: It will take a couple minutes)
- Click on "Local Disks" to start the scan
- When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.

================================================================

Finally, please post a fresh HijackThis log, along with the contents of the logfile C:\fixwareout\report.txt, the Ewido log and the Panda scan results.
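Added example, not from this thread and not code from HijackThis or FixWareout: a small Python checker that reads HijackThis-format lines, flags O17 NameServer entries that point at the two resolvers quoted above or at any public resolver outside a trusted list, records which control set and interface each one sits in, and lists System32 process paths that fit the dm???/hg???/cs??? name patterns remove.bat targets. The trusted resolver (203.0.113.53), the LAN O17 entry and the short process list are constructed placeholders.

```python
"""Checker for the O17 DNS hijack and Wareout-style file names in a HijackThis
log. Added example for this thread, not code from HijackThis or FixWareout."""
import re
from fnmatch import fnmatchcase
from ipaddress import ip_address, ip_network
from pathlib import PureWindowsPath

# Constructed excerpt in HijackThis 1.99.1 layout: the three O17 lines from the
# thread, a harmless O17 pointing at a LAN router, and a short process list.
SAMPLE_HJT_LOG = r"""Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SYSTEM32\DMIEW.EXE
C:\WINDOWS\system32\dmadmin.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/advanced_search?hl=en
O17 - HKLM\System\CCS\Services\Tcpip\..\{56B40555-68B3-4851-8075-4EE9E8F90708}: NameServer = 85.255.113.108,85.255.112.131
O17 - HKLM\System\CCS\Services\Tcpip\..\{5ADC861A-F899-434F-86EC-2A4E1A9FA010}: NameServer = 85.255.113.108,85.255.112.131
O17 - HKLM\System\CS1\Services\Tcpip\..\{56B40555-68B3-4851-8075-4EE9E8F90708}: NameServer = 85.255.113.108,85.255.112.131
O17 - HKLM\System\CCS\Services\Tcpip\..\{0F1E2D3C-0000-4000-8000-000000000001}: NameServer = 192.168.1.1
"""

# Resolvers this machine is expected to use: a placeholder from the TEST-NET-3
# documentation range; in practice the ISP's or the organisation's servers.
TRUSTED_DNS = {"203.0.113.53"}
# The two resolvers quoted in the thread's O17 lines.
KNOWN_BAD_DNS = {"85.255.113.108", "85.255.112.131"}
# Resolvers a PC may use without allow-listing: RFC 1918, loopback, link-local.
LOCAL_NETS = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12",
              "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]
# The globs remove.bat in the thread deletes, applied to System32 only.
WAREOUT_NAME_GLOBS = ("dm???.exe", "hg???.exe", "cs???.exe")

# "O17 - <registry key>: NameServer = a,b" (Domain/SearchList lines are ignored).
O17_RE = re.compile(r"^O17 - (?P<key>.+?): NameServer = (?P<servers>.+?)\s*$")
CONTROL_SET_RE = re.compile(r"HKLM\\System\\(\w+)\\")
GUID_RE = re.compile(r"\{[0-9A-Fa-f-]+\}")
PATH_LINE_RE = re.compile(r"^[A-Za-z]:\\")  # a bare "Running processes" entry


def classify_server(server, trusted):
    """Return a reason string if the resolver is suspicious, else None."""
    if server in KNOWN_BAD_DNS:
        return "resolver quoted in this thread's Wareout O17 entries"
    try:
        ip = ip_address(server)
    except ValueError:
        return "NameServer value is not an IP address"
    if any(ip in net for net in LOCAL_NETS) or server in trusted:
        return None
    return "public resolver not in the trusted list"


def scan_o17(log_text, trusted=TRUSTED_DNS):
    """One finding per suspicious resolver in every O17 NameServer line.

    Each finding keeps the control set (CCS, CS1, ...) and interface GUID:
    CCS aliases one ControlSetNNN, so a CS1 hit beside a CCS hit is either
    the same key seen twice or a separate copy, and every line needs fixing.
    """
    findings = []
    for line in log_text.splitlines():
        m = O17_RE.match(line.strip())
        if not m:
            continue
        key = m.group("key")
        cs, guid = CONTROL_SET_RE.match(key), GUID_RE.search(key)
        # Windows stores NameServer as a comma- or space-separated list.
        for server in filter(None, re.split(r"[,\s]+", m.group("servers"))):
            reason = classify_server(server, trusted)
            if reason:
                findings.append({"control_set": cs.group(1) if cs else "?",
                                 "interface": guid.group(0) if guid else key,
                                 "server": server, "reason": reason})
    return findings


def control_sets_affected(findings):
    """Distinct control sets that carry at least one suspicious resolver."""
    return sorted({f["control_set"] for f in findings})


def wareout_name_matches(log_text):
    """Process paths in System32 whose file names fit the remove.bat globs.

    A name match is only a hint: the FixWareout report in this thread warns
    that a size-and-name search also lists legitimate files, so verify each
    hit (publisher, signature, creation time) before deleting anything.
    """
    hits = []
    for line in log_text.splitlines():
        p = line.strip()
        if not PATH_LINE_RE.match(p):
            continue
        wp = PureWindowsPath(p)
        in_system32 = len(wp.parts) >= 2 and wp.parts[-2].lower() == "system32"
        if in_system32 and any(fnmatchcase(wp.name.lower(), g)
                               for g in WAREOUT_NAME_GLOBS):
            hits.append(p)
    return hits
```

Running `scan_o17` over the sample yields six findings, two per hijacked O17 line, spread over both CCS and CS1, which is why the instructions above check all three lines in HijackThis rather than only the CurrentControlSet ones.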

#4 Maldon

Maldon
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  • Local time:03:15 PM

Posted 01 March 2006 - 02:58 PM

Hi,

Here is the new HJT log, followed by the reports that you requested.


Logfile of HijackThis v1.99.1
Scan saved at 19:54:48, on 01/03/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\WINDOWS\system32\basfipm.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Apoint\Apntex.exe
C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\SETI@home\SETI@home.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Symantec Shared\AdBlocking\NSMdtr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/advanced_search?hl=en
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.google.co.uk/advanced_search?hl=en"); (C:\Documents and Settings\Norman\Application Data\Mozilla\Profiles\default\iraoigvc.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Norman\Application Data\Mozilla\Profiles\default\iraoigvc.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AWMON] "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe"
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKCU\..\Run: [seticlient] C:\Program Files\SETI@home\SETI@home.exe -min
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AWMON] "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_02) -
O16 - DPF: {CAFEEFAC-0014-0001-0003-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_03) -
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by102fd.bay102.hotmail.msn.com/activex/HMAtchmt.ocx
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Broadcom ASF IP monitoring service v6.0.4 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\system32\basfipm.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
O23 - Service: Maya 6 PLE Documentation Server (mple6docserver) - Unknown owner - C:\Program Files\Alias\Maya 6.0 Personal Learning Edition\docs\wrapper.exe" -s "C:\Program Files\Alias\Maya 6.0 Personal Learning Edition\docs\Wrapper.conf (file missing)
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

***********************************************
Report.txt

Fixwareout ver 1.003
Last edited 2/15/2006
Post this report in the forums please

Reg Entries that were deleted
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\xedocne
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\gib_ogol
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\repiwoh
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\llun
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\23plhps
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\mgcppp
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\tesvaf
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\32refaselif
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\nbilbaj
...

Microsoft ® Windows Script Host Version 5.6
Random Runs removed from HKLM
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
...

PLEASE NOTE THAT ALL FILES FOUND BY THIS METHOD ARE NOT BAD FILES, There WILL be LEGIT FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.

»»»»» Search by size and names...
C:\WINDOWS\SYSTEM32\DMIEW.EXE
C:\WINDOWS\SYSTEM32\DMPLZ.EXE
C:\WINDOWS\SYSTEM32\IPSEC6.EXE

»»»»» Misc files

»»»»» Checking for older varients covered by the Rem3 tool


---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 13:05:26, 01/03/2006
+ Report-Checksum: 71C7A015

+ Scan result:

:mozilla.11:C:\Documents and Settings\Norman\Application Data\Mozilla\Firefox\Profiles\73qd6nup.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.12:C:\Documents and Settings\Norman\Application Data\Mozilla\Firefox\Profiles\73qd6nup.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.13:C:\Documents and Settings\Norman\Application Data\Mozilla\Firefox\Profiles\73qd6nup.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.14:C:\Documents and Settings\Norman\Application Data\Mozilla\Firefox\Profiles\73qd6nup.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.15:C:\Documents and Settings\Norman\Application Data\Mozilla\Firefox\Profiles\73qd6nup.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.16:C:\Documents and Settings\Norman\Application Data\Mozilla\Firefox\Profiles\73qd6nup.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.17:C:\Documents and Settings\Norman\Application Data\Mozilla\Firefox\Profiles\73qd6nup.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.18:C:\Documents and Settings\Norman\Application Data\Mozilla\Firefox\Profiles\73qd6nup.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.19:C:\Documents and Settings\Norman\Application Data\Mozilla\Firefox\Profiles\73qd6nup.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.20:C:\Documents and Settings\Norman\Application Data\Mozilla\Firefox\Profiles\73qd6nup.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.21:C:\Documents and Settings\Norman\Application Data\Mozilla\Firefox\Profiles\73qd6nup.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.22:C:\Documents and Settings\Norman\Application Data\Mozilla\Firefox\Profiles\73qd6nup.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.23:C:\Documents and Settings\Norman\Application Data\Mozilla\Firefox\Profiles\73qd6nup.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.24:C:\Documents and Settings\Norman\Application Data\Mozilla\Firefox\Profiles\73qd6nup.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.25:C:\Documents and Settings\Norman\Application Data\Mozilla\Firefox\Profiles\73qd6nup.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.26:C:\Documents and Settings\Norman\Application Data\Mozilla\Firefox\Profiles\73qd6nup.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.27:C:\Documents and Settings\Norman\Application Data\Mozilla\Firefox\Profiles\73qd6nup.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.28:C:\Documents and Settings\Norman\Application Data\Mozilla\Firefox\Profiles\73qd6nup.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.29:C:\Documents and Settings\Norman\Application Data\Mozilla\Firefox\Profiles\73qd6nup.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.30:C:\Documents and Settings\Norman\Application Data\Mozilla\Firefox\Profiles\73qd6nup.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.31:C:\Documents and Settings\Norman\Application Data\Mozilla\Firefox\Profiles\73qd6nup.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.32:C:\Documents and Settings\Norman\Application Data\Mozilla\Firefox\Profiles\73qd6nup.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.33:C:\Documents and Settings\Norman\Application Data\Mozilla\Firefox\Profiles\73qd6nup.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.34:C:\Documents and Settings\Norman\Application Data\Mozilla\Firefox\Profiles\73qd6nup.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.35:C:\Documents and Settings\Norman\Application Data\Mozilla\Firefox\Profiles\73qd6nup.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.36:C:\Documents and Settings\Norman\Application Data\Mozilla\Firefox\Profiles\73qd6nup.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.37:C:\Documents and Settings\Norman\Application Data\Mozilla\Firefox\Profiles\73qd6nup.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.38:C:\Documents and Settings\Norman\Application Data\Mozilla\Firefox\Profiles\73qd6nup.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.39:C:\Documents and Settings\Norman\Application Data\Mozilla\Firefox\Profiles\73qd6nup.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.40:C:\Documents and Settings\Norman\Application Data\Mozilla\Firefox\Profiles\73qd6nup.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.41:C:\Documents and Settings\Norman\Application Data\Mozilla\Firefox\Profiles\73qd6nup.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.42:C:\Documents and Settings\Norman\Application Data\Mozilla\Firefox\Profiles\73qd6nup.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.43:C:\Documents and Settings\Norman\Application Data\Mozilla\Firefox\Profiles\73qd6nup.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.44:C:\Documents and Settings\Norman\Application Data\Mozilla\Firefox\Profiles\73qd6nup.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.48:C:\Documents and Settings\Norman\Application Data\Mozilla\Firefox\Profiles\73qd6nup.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.49:C:\Documents and Settings\Norman\Application Data\Mozilla\Firefox\Profiles\73qd6nup.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.50:C:\Documents and Settings\Norman\Application Data\Mozilla\Firefox\Profiles\73qd6nup.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.51:C:\Documents and Settings\Norman\Application Data\Mozilla\Firefox\Profiles\73qd6nup.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.52:C:\Documents and Settings\Norman\Application Data\Mozilla\Firefox\Profiles\73qd6nup.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.53:C:\Documents and Settings\Norman\Application Data\Mozilla\Firefox\Profiles\73qd6nup.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.54:C:\Documents and Settings\Norman\Application Data\Mozilla\Firefox\Profiles\73qd6nup.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.55:C:\Documents and Settings\Norman\Application Data\Mozilla\Firefox\Profiles\73qd6nup.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.56:C:\Documents and Settings\Norman\Application Data\Mozilla\Firefox\Profiles\73qd6nup.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.57:C:\Documents and Settings\Norman\Application Data\Mozilla\Firefox\Profiles\73qd6nup.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.58:C:\Documents and Settings\Norman\Application Data\Mozilla\Firefox\Profiles\73qd6nup.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.59:C:\Documents and Settings\Norman\Application Data\Mozilla\Firefox\Profiles\73qd6nup.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.60:C:\Documents and Settings\Norman\Application Data\Mozilla\Firefox\Profiles\73qd6nup.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.61:C:\Documents and Settings\Norman\Application Data\Mozilla\Firefox\Profiles\73qd6nup.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.62:C:\Documents and Settings\Norman\Application Data\Mozilla\Firefox\Profiles\73qd6nup.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.63:C:\Documents and Settings\Norman\Application Data\Mozilla\Firefox\Profiles\73qd6nup.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.253:C:\Documents and Settings\Norman\Application Data\Mozilla\Firefox\Profiles\73qd6nup.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup
:mozilla.254:C:\Documents and Settings\Norman\Application Data\Mozilla\Firefox\Profiles\73qd6nup.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup
:mozilla.271:C:\Documents and Settings\Norman\Application Data\Mozilla\Firefox\Profiles\73qd6nup.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup
:mozilla.272:C:\Documents and Settings\Norman\Application Data\Mozilla\Firefox\Profiles\73qd6nup.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup
:mozilla.6:C:\Documents and Settings\Norman\Application Data\Mozilla\Profiles\default\iraoigvc.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.7:C:\Documents and Settings\Norman\Application Data\Mozilla\Profiles\default\iraoigvc.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.11:C:\Documents and Settings\Norman\Application Data\Mozilla\Profiles\default\iraoigvc.slt\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.12:C:\Documents and Settings\Norman\Application Data\Mozilla\Profiles\default\iraoigvc.slt\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.13:C:\Documents and Settings\Norman\Application Data\Mozilla\Profiles\default\iraoigvc.slt\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.14:C:\Documents and Settings\Norman\Application Data\Mozilla\Profiles\default\iraoigvc.slt\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.15:C:\Documents and Settings\Norman\Application Data\Mozilla\Profiles\default\iraoigvc.slt\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.16:C:\Documents and Settings\Norman\Application Data\Mozilla\Profiles\default\iraoigvc.slt\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.17:C:\Documents and Settings\Norman\Application Data\Mozilla\Profiles\default\iraoigvc.slt\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup
:mozilla.18:C:\Documents and Settings\Norman\Application Data\Mozilla\Profiles\default\iraoigvc.slt\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup
:mozilla.19:C:\Documents and Settings\Norman\Application Data\Mozilla\Profiles\default\iraoigvc.slt\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
C:\WINDOWS\system32\zzzyaemu.exe -> Downloader.Agent.tc : Cleaned with backup


::Report End

***********************************************
Activescan.txt

Incident Status Location

Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Norman\.jpi_cache\jar\1.0\java.jar-8fba449-35489bef.zip[NewSecurityClassLoader.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Norman\.jpi_cache\jar\1.0\java.jar-8fba449-35489bef.zip[NewURLClassLoader.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Norman\.jpi_cache\jar\1.0\java.jar-8fba449-632ba4d9.zip[NewSecurityClassLoader.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Norman\.jpi_cache\jar\1.0\java.jar-8fba449-632ba4d9.zip[NewURLClassLoader.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Norman\.jpi_cache\jar\1.0\loaderadv467.jar-1c6d66dc-146051d9.zip[Matrix.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Norman\.jpi_cache\jar\1.0\loaderadv467.jar-1c6d66dc-146051d9.zip[Dummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Norman\.jpi_cache\jar\1.0\loaderadv467.jar-1c6d66dc-24173269.zip[Matrix.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Norman\.jpi_cache\jar\1.0\loaderadv467.jar-1c6d66dc-24173269.zip[Dummy.class]
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Norman\Application Data\Mozilla\Firefox\Profiles\73qd6nup.default\cookies.txt[]
Adware:Adware/IST.ISTBar Not disinfected C:\Downloads\eMule\Incoming\(full version) fps creator.zip[setup.exe]
Virus:Trj/PWSteal.AE Disinfected C:\WINDOWS\system32\jbehz.exe

#5 amateur

amateur

    Malware Fighter


  • Malware Response Team
  • 2,775 posts
  • Gender:Female
  • Local time:04:15 PM

Posted 01 March 2006 - 04:15 PM

Hi Maldon,

Looking much better. :thumbsup: We need to do some tidying up.

Please restart your computer in Safe Mode following my earlier instructions.

===========================================

Make sure that you can see hidden files
• Click Start
• Open My Computer
• Select the Tools menu and click Folder Options
• Select the View Tab
• Under the Hidden files and folders heading select Show hidden files and folders
• Uncheck the Hide protected operating system files (recommended) option
• Click Yes to confirm
• Click OK

===========================================

Go to Start>Explore to bring up Windows Explorer. Navigate, find and delete the following files and folders, if present:

C:\WINDOWS\SYSTEM32\DMIEW.EXE
C:\WINDOWS\SYSTEM32\DMPLZ.EXE
C:\Downloads\eMule\Incoming\(full version) fps creator.zip[setup.exe]

===========================================

1. In any Firefox window, Click Tools=>Options=>Privacy Icon.
2. Under the Cookies tab, Click Clear Cookies Now button.
3. Click OK to exit Options window.

NOTE: you can set up Firefox to automatically clear cookies and other private data upon exit by clicking the Settings button in the Clear Private Data section of the Options window:

1. Click Settings button
2. Select the data you would like to clear automatically
3. Place a check mark next to Clear Private Data When Closing Firefox
4. Click OK=>OK to exit the options window

Also, please clear your Internet Explorer cookies:

1. Click Start=>Control Panel=>Internet Options
2. In the General tab under the Temporary Internet Files header, Click Delete Cookies=>OK
3. Click OK to exit Internet Options window.

===========================================

Run ATF cleaner

===========================================

Run Ewido again.

===========================================

Restart your computer in Normal Mode

===========================================

The most current version of Sun Java is Java Runtime Environment Version 5.0 Update 6. You seem to have some older versions still installed. Please go to Start>Control Panel>Add/Remove Programs and remove the older versions. Please go to this link and it will describe how you can remove your old version and update to a new JRE, if needed.

===========================================

Run Panda online scan. Save the report.

===========================================

Scan with HijackThis and save the log. Please do not restart your computer until I see the logs and say it's OK.

===========================================

Please post back:

The new HijackThis log
Ewido log
Panda online scan results.


Thank you.

#6 Maldon

Maldon
  • Topic Starter

  • Members
  • 6 posts
  • Local time:03:15 PM

Posted 02 March 2006 - 01:30 AM

Hi,

Here are the new HJT log and reports.

There remain a few Registry entries for the old Java, but the program files are gone. I work with a product that (at the moment) will not install unless a specific version of Java is present (even if concurrently so with latest Java version). If the security implications of having the old version are severe, I would much appreciate knowing since this impacts several thousand users. (I'd be happy to discuss this with you on the personal email in my registration details, but I can't do so in a public forum).

Thanks very much indeed for all your help so far.


Logfile of HijackThis v1.99.1
Scan saved at 07:02:07, on 02/03/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\WINDOWS\system32\basfipm.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\SETI@home\SETI@home.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Symantec Shared\AdBlocking\NSMdtr.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/advanced_search?hl=en
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.google.co.uk/advanced_search?hl=en"); (C:\Documents and Settings\Norman\Application Data\Mozilla\Profiles\default\iraoigvc.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Norman\Application Data\Mozilla\Profiles\default\iraoigvc.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AWMON] "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe"
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKCU\..\Run: [seticlient] C:\Program Files\SETI@home\SETI@home.exe -min
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AWMON] "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_02) -
O16 - DPF: {CAFEEFAC-0014-0001-0003-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_03) -
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by102fd.bay102.hotmail.msn.com/activex/HMAtchmt.ocx
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Broadcom ASF IP monitoring service v6.0.4 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\system32\basfipm.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
O23 - Service: Maya 6 PLE Documentation Server (mple6docserver) - Unknown owner - C:\Program Files\Alias\Maya 6.0 Personal Learning Edition\docs\wrapper.exe" -s "C:\Program Files\Alias\Maya 6.0 Personal Learning Edition\docs\Wrapper.conf (file missing)
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

******************************
Panda Report


Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Norman\Application Data\Mozilla\Profiles\default\iraoigvc.slt\cookies.txt[]

*********************************
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 00:41:34, 02/03/2006
+ Report-Checksum: 118DC55F

+ Scan result:

No infected objects found.


::Report End

#7 amateur

amateur

    Malware Fighter


  • Malware Response Team
  • 2,775 posts
  • Gender:Female
  • Local time:04:15 PM

Posted 02 March 2006 - 10:09 AM

Hi Maldon :huh: ,

Logs are all clean. :thumbsup: Well done. :flowers: About the implications of having the old versions of Java, I cannot tell you more than what is said here:
It's up to you.

Advisory ID : FrSIRT/ADV-2006-0467
CVE ID : CVE-2006-0614 - CVE-2006-0615 - CVE-2006-0616 - CVE-2006-0617
Rated as : Critical
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2006-02-08

Technical Description

Seven vulnerabilities were identified in Sun Java JRE (Java Runtime Environment), which could be exploited by malicious web sites to compromise a vulnerable system. These flaws are due to errors in the "reflection" APIs, which could be exploited by attackers to read, write, and execute arbitrary files by convincing a user to visit a specially crafted web page containing a malicious applet.

Affected Products

JDK 5.0 Update 4 and prior
JRE 5.0 Update 4 and prior
SDK 1.4.2_09 and prior
JRE 1.4.2_09 and prior
SDK 1.3.1_16 and prior
JRE 1.3.1_16 and prior

Solution

JDK and JRE 5.x - Upgrade to JDK and JRE 5.0 Update 6 :
http://java.sun.com/j2se/1.5.0/download.jsp

SDK and JRE 1.4.x - Upgrade to SDK and JRE 1.4.2_10 :
http://java.sun.com/j2se/1.4.2/download.html

SDK and JRE 1.3.x - Upgrade to SDK and JRE 1.3.1_17 :
http://java.sun.com/j2se/1.3/download.html

References

http://www.frsirt.com/english/advisories/2006/0467
http://sunsolve.sun.com/search/document.do...y=1-26-102171-1


Now that you are clean, or seem to be, please follow these simple steps in order to keep your computer clean and secure.

Remember to hide your system files again.

Start>My Computer>Tools>Folder Options>View
Under the Hidden files and Folders heading uncheck Show hidden files and folders.
check the Hide protected operating system files (recommended) option.
Click Yes to confirm.
check the Hide file extensions for known file types.
Click OK.

Please delete the wareout fix and then empty the Recycle bin.

Disable and Enable System Restore. If you are using Windows ME or XP then you should disable and re-enable System Restore to make sure there are no infected files found in a restore point. Because Windows regularly sets restore points, it's very possible that the malware you have removed is still present in System Restore. If you put Windows back to such a restore point, this malware will be put back as well.

This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected.)
1. Right-click My Computer, and then click Properties.
2. On the System Restore tab, put a check mark in the 'Turn Off System Restore' check box.
3. Click OK, and then click Yes.

4. Restart the computer.
5. Repeat steps 1 - 2, this time clearing the box beside 'Turn Off System Restore', click 'OK'.

Reboot normally.

You can also find instructions on how to disable and re-enable System Restore here:
Windows XP System Restore Guide

And that's all. But to help protect you against further infections, and also to help prevent criminals using your computer to infect other people's computers on the web, I recommend the following: (You may already have some of the items)

Make your Internet Explorer more secure - This can be done by following these simple instructions:

From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialise and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.

Avoid illegal sites, because that's where most malware is present.

* Don't click on links inside popups.
* Don't click on links in spam messages claiming to offer anti-spyware software, because most of these so-called removers ARE spyware.
* Download free software only from sites you know and trust, because a lot of free software can bundle other software, including spyware.

Keep your antivirus-program up-to-date and do regular scans with it. Please make sure that you have only one active antivirus program on your system.
If you haven't got an antivirus, you can download and install one of the following free ones. Make sure that you have only ONE antivirus running on your computer, as more than one would cause conflicts and render the computer vulnerable.

AVG Free here
AntiVir here
Avast here

It is essential to keep the anti-virus program fully updated. New virus infections are being produced all the time, and unless the program downloads the latest 'definitions', it cannot protect you against the newer versions. If you want to check for updates manually I'd recommend doing so at least once a week. However, a better option is to set the program to download and install updates automatically every time you are connected to the Internet. The first time you use it, please set it to perform a full system scan.
IMPORTANT: You Need to Update Windows and Internet Explorer to protect your computer from the malware that is around on the Internet. Please go to the windows update site <http://windowsupdate.microsoft.com/> to get the critical updates.

If you are running Microsoft Office, or any portion thereof, go to the Microsoft's Office Update site <http://office.microsoft.com/officeupdate/maincatalog.aspx?lc=en-us> and make sure you have at least all the critical updates installed (Free) Microsoft Office Update.

Keep your pestware-scanners up-to-date and do regular scans with them.

To keep your computer free of Spyware, Adware, Hijackers etc., download and install the following free pestware-scanners (if you haven't installed them already):
AdAware here
Spybot here Remember to "immunize" after each update
Microsoft Antispyware here

Install realtime pestware-scanners and keep them up-to-date.

The following free realtime pestscanners prevent a number of malware variants from entering your computer in the first place:

SpywareBlaster here Remember to "enable all protection" after each update.
SpywareGuard here

If you haven't got one, already, install a firewall and keep it up-to-date. Please make sure that you have only one active firewall on your system.

A firewall will prevent unauthorized contact between your computer and the internet.
If there is no firewall installed on your computer, you can download and install one of the following free firewalls:
ZoneAlarm here
Sygate here
Kerio Personal Firewall here
Outpost here
Important: (Windows XP only) If you install a firewall, be sure to turn off the WinXP-firewall!

Test your firewall here to make sure that it's working properly

Install these programs, to make surfing with Internet Explorer safer:

A popup-blocker, e.g. Google Toolbar here: A popup-blocker prevents popup windows from opening when you come across a website that uses them while surfing the internet.

IE-SPYAD here: This utility adds a long list of known bad sites to Internet Explorer's Restricted Sites zone. This prevents those sites from executing their malicious programs on your computer.

SiteHound by Firetrust
here:

Firetrust introduces the SiteHound Toolbar - the safe way to browse the Internet. With SiteHound, when you browse the Internet, you're shown a warning page every time you go to a site which is a known scam, potentially loads viruses or spyware on to your computer, has questionable content or anything you would not consider reasonable. You are shown a warning page with information about that site. From there you can choose to enter the site or go back. SiteHound is a free add-on to Internet Explorer. (Users of Firefox - a version for you is coming soon.) SiteHound's comprehensive database gathers the knowledge from other users and respected experts from the online security community to tell you which sites are real and which are bogus.

SiteHound will alert you when you enter a site which is known to contain:
· Fraudulent claims or scams
· Offensive material
· Security vulnerabilities
· Spyware or Adware
· Spam related material
· or other content deemed to be unsafe
Specifically, SiteHound blocks these categories:

• Adult • Spyware • Spam Advertising • Phishing • Possible scam or fraud • Misleading or False Advertising
• Pharming • Rogue or Suspect Product • Adware • Malware or Virus

System Requirements:
Internet Explorer 5.5+ and Windows 95/98/NT 4/ME/2000/XP

Install and use an alternative browser to surf on the internet.

Because Internet Explorer is the most-used browser on the planet, most hijackers, adware and spyware are made to abuse your computer through Internet Explorer.
Here are some good alternative browsers:
Mozilla Suite here
Mozilla Firefox here
Opera here
Netscape here
Important: You can not uninstall Internet Explorer.
First of all, it's part of Windows and you'll need it to download and install Windows Updates.
Secondly, there are some sites that are only accessible with Internet Explorer, e.g. most of the online malware scanners.

But above all, keep all your software UP-TO-DATE at all times!!

Also, I would recommend reading the excellent advice by Tony Klein: So how did I get infected in the first place

Happy and safe surfing. :huh:
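The advisory quoted in this reply gives a fixed release per Java family (5.0 Update 6, 1.4.2_10, 1.3.1_17), and the posted HijackThis log still shows a jre1.5.0_04 updater and two 1.4.1 DPF entries alongside jre1.5.0_06. As an added example (not code from the thread or from any tool named in it), the Python below parses HijackThis-style entries, pulls the Sun Java version out of each, and reports which ones fall below the advisory's threshold; the entry and version patterns are my assumptions about the log format, and the sample log is constructed after entries in the posted one.

```python
"""Audit HijackThis log entries for Sun Java builds older than the fixed
releases named in FrSIRT/ADV-2006-0467.  Added example, not thread code."""
import re
from typing import Dict, List, Optional, Tuple

Version = Tuple[int, int, int, int]  # (major, minor, micro, update)

# First fixed build of each family, from the advisory quoted in the thread:
# JRE 5.0 Update 6 is 1.5.0_06; JRE 1.4.2_10; JRE 1.3.1_17.
FIXED_VERSIONS: Dict[str, Version] = {
    "1.5": (1, 5, 0, 6),
    "1.4": (1, 4, 2, 10),
    "1.3": (1, 3, 1, 17),
}

# Assumed HijackThis entry layout: a type tag such as O4, O16, R0 or N3,
# then " - ", then the entry body.  Process-list lines carry no tag.
_ENTRY = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")
# Assumed Sun version layout as it appears in install paths ("jre1.5.0_06")
# and DPF names ("Java Runtime Environment 1.4.1_02").  The lookarounds stop
# Windows build numbers such as "5.01.2600" from matching.
_JAVA_VER = re.compile(r"(?<![\d.])(1\.[345])\.(\d+)(?:_(\d{1,2}))?(?![\d.])")


def parse_java_version(text: str) -> Optional[Version]:
    """Return the first Sun Java version found in text, or None."""
    m = _JAVA_VER.search(text)
    if m is None:
        return None
    family, micro, update = m.groups()
    major, minor = (int(x) for x in family.split("."))
    return (major, minor, int(micro), int(update or 0))


def is_affected(version: Version) -> bool:
    """True when the build is older than its family's first fixed release.
    Families the advisory does not cover are reported as not affected."""
    fixed = FIXED_VERSIONS.get("%d.%d" % version[:2])
    return fixed is not None and version < fixed


def audit_hjt_log(log: str) -> List[dict]:
    """Return one finding per HJT entry (O2, O4, O9, O16, ...) that names
    a Sun Java build, in log order."""
    findings = []
    for raw in log.splitlines():
        m = _ENTRY.match(raw.strip())
        if m is None:
            continue  # header, blank line or running-process path
        kind, body = m.groups()
        version = parse_java_version(body)
        if version is None:
            continue
        findings.append({
            "entry": kind,
            "version": "%d.%d.%d_%02d" % version,
            "affected": is_affected(version),
            "text": body,
        })
    return findings


# Constructed sample, modelled on entries in the second log posted above.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Platform: Windows XP SP2 (WinNT 5.01.2600)
C:\WINDOWS\system32\ctfmon.exe
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_02) -
O16 - DPF: {CAFEEFAC-0014-0001-0003-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_03) -
"""

if __name__ == "__main__":
    for f in audit_hjt_log(SAMPLE_LOG):
        flag = "AFFECTED (below fixed release)" if f["affected"] else "ok"
        print("%-4s %-9s %s" % (f["entry"], f["version"], flag))
```

A stale jusched.exe Run entry or an old CAFEEFAC DPF line is exactly the residue the reply's Add/Remove Programs step is meant to clear, so a clean result from this check is a quick way to confirm that step took.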

#8 Maldon

Maldon
  • Topic Starter

  • Members
  • 6 posts
  • Local time:03:15 PM

Posted 02 March 2006 - 11:53 AM

Hi again, Amateur (strange nick for one who is clearly a seasoned professional!),

Thanks a million for all the help, the good news you just delivered, and the extra info on Java.

So now, I guess I have a pressing engagement with a "Donate" button!

Thanks again.

#9 amateur

amateur

    Malware Fighter


  • Malware Response Team
  • 2,775 posts
  • Gender:Female
  • Local time:04:15 PM

Posted 02 March 2006 - 12:01 PM

You're welcome. I am glad we could help. Stay safe! :thumbsup:

#10 amateur

amateur

    Malware Fighter


  • Malware Response Team
  • 2,775 posts
  • Gender:Female
  • Local time:04:15 PM

Posted 04 March 2006 - 08:25 AM

Since the problem appears to be resolved, this thread will now be closed. If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request. If you should have a new issue, please start a new topic. This applies only to the original topic starter. Everyone else please begin a New Topic.
